Welcome! 


Dear Customers, 


Welcome to our 19th Annual User Conference under the theme Security 
at a Crossroads. At the conference: 


e We will discuss the significant changes facing our industry and how 
to leverage these changes to help companies accelerate their Digital 
Transformation efforts. All the while building security in - making our 
networks more resilient and secure - and drastically reducing cost. 


e Our President and Chief Product Officer, Sumedh Thakar will unveil 
how we're bringing Vulnerability Management to the next level 
by leveraging the Global IT Asset Discovery and Inventory app we 
launched as a free service last quarter, new orchestration workflows 
and a new machine learning predictive approach to prioritization. 


e He'll also discuss our forthcoming Data Lake/SIEM and EDR initiatives 
going into beta early next year. 


e Our engineers and product managers will showcase many of the 
innovative solutions we’re bringing to market next year, and get your 
feedback. 


e At the conference, we'll also have the opportunity to discuss and listen 
to customers sharing their experiences and best practices, and the real 
impact they have on their companies. 


Following dinner on Wednesday evening, we'd like to invite you anda 


guest to a special Casino Night. 


On behalf of everyone at Qualys, I'd like to thank you for supporting us 
during all these years, and look forward to seeing you in person. 


‘yy Sincerely, 
le Philippe Courtot 
eae . 
a Chairman and CEO of Qualys 


Kahoot! Live customer polling 
and trivia 


This year we’re getting the audience involved! 
We'll be asking you for insight that we’ll share 

in real time, and spice things up with a trivia 
competition where you'll have a chance to win 
prizes. Winners will be announced during the 
closing remarks. Download the free Kahoot! app 
or play on any browser at https://kahoot.it. Enter 
the PIN, your email, choose a nickname and then 


you're in. The PIN will be visible on the big screen 


right before each game kicks off. 
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Follow the conference 


qualys.com/qsc-community 
Twitter #QSC19 


© Download presentations 
@ Discuss presentations with attendees 
=) Create a discussion 


© Meet other attendees 


Conference wi-fi 


To access wi-fi, open the settings on your device 
and select the "QSC19 LasVegas” SSID. Click on 
either attendee or guest. Enter the password 
"Qualys2019" and agree to the terms. 
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Wednesday agenda 


Time Session 
7:30 - . n 
Registration and Breakfast 
8:30 AM 
8:30 - rey Opening Video & Welcome 
8:35 AM Laurie MacCarthy - EVP Worldwide Field Operations, Qualys 
8:35 - Featured Keynote - The Cyber War and You 
a AM Richard A. Clarke - America’s first czar of cybersecurity and counter-terrorism, and 
7 author of The Fifth Domain 
I20 @ Keynote - Security at a Crossroads, Part II 
9:50 AM Philippe Courtot - Chairman and CEO, Qualys 
9:50 - 
Break 
10:15 AM 
10:15 AM - Keynote - The Evolution of the Qualys Platform: 
ene oe Unveiling the Latest Updates and Next-Gen Initiatives 
A Sumedh Thakar - President and Chief Product Officer, Qualys 
12:00 - a i , 
Lunch & Book Signing: The Fifth Domain 
1:30 PM 
1:30 - Kahoot! Live Customer Polling and Trivia 
1:45 PM Download the free app or visit https://kahoot.it to play 
1:45 - a Real-Time Vulnerability Detection, Prioritization and Response 
2:15 PM Chris Rodgers - Director of Product Management, Qualys 
215 - Securing the Digital Transformation with DevOps: 
, Cloud and Container Security Automation 
2:45 PM 


Badri Raghunathan - Director of Product Management, Qualys 
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All Wednesday sessions will take place in Tower Ballroom 4. 
All meals will take place in Tower Ballroom 5. Breaks will take place in the Renaissance Foyer. 


Time Session 
2:45 - 
Break 
3:00 PM 
3:005 Keynote - Building Security into Azure 
3:40 PM g Ramesh Chinta - Group Program Manager, Microsoft 
3:45 - Panel: Security in the Age of Digital Transformation - The View From Our 
4:30 PM Customers 
Moderator: Sumedh Thakar - President and Chief Product Officer, Qualys 
Panelists: 


Wendy M. Pfeiffer - CIO, Nutanix 

Chad Schieken - Executive Director Cyber Exposure Management, Comcast 
Senthil Selvaraj - SVP Independent Technology Risk, PNC Bank 

Thomas Graham - CISO, CynergisTek 

Hemanta Swain - VP & Chief Information Security Officer, TiVo Corporation 


4:30 - Kahoot! Live Customer Polling and Trivia 

4:45 PM Download the free app or visit https://kahoot.it to play 
4:45 - @ Day 1 Closing Remarks 

5:00 PM Philippe Courtot, Chairman and CEO, Qualys 


7:00 - Cocktail Hour 

8:00 PM Renaissance Foyer 
8:00 - Dinner 

9:00 PM Tower Ballroom 5 
9:00 - Qualys Casino Night 

11:00 PM Tower Ballroom 4 
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Thursday agenda 


Time Session 
7:30 - oo 
Registration and Breakfast 
8:30 AM 
8:30 - Welcome 
8:35 AM Laurie MacCarthy - EVP Worldwide Field Operations, Qualys 
855 § Featured Keynote - The Road Ahead for Security, IT and DevOps 
9:25 AM Scott Crawford - Research Vice President, 451 Research 
9:25.- ©- The DevOps Transformation of the Qualys Platform: Lessons Learned 
9:50 AM ) Dilip Bachwani - SVP, Engineering and Cloud Operations, Qualys 
9:50 - 
Break 
10:05 AM 
10:05 - Æ Threat Hunting with Qualys: Going Beyond Your EDR Solutions 
10:25 AM E> Chris Carlson - VP of Strategy, Qualys 
1025 Ca) Keynote - Hacker Stories: Turning Use Cases Into Abuse Cases 
11:05 AM Charles Henderson - Global Head of IBM X-Force Red 
11:05 - Break & Kahoot! Live Customer Polling and Trivia 
11:20 AM Download the free app or visit https://kahoot.it to play 
11:20 - Continuous Compliance for Hybrid Environments 
11:45 AM Shailesh Athalye - VP of Compliance Solutions, Qualys 
11:45 AM - Moving Security up the Stack - Web Application and API Security 
12:05 PM & Dave Ferguson - Director of Product Management, Qualys 
12:05 - + Building an Enterprise ITAM for IT and Security 
12:30 PM 9) Chris Rodgers - Qualys, former Information Security Engineer at Western Union 
12:30 - 
Lunch 
2:00 PM 
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Customer breakout sessions will take place in the DaVinci and Raphael Ballrooms. 
Unless noted, all other Thursday sessions will take place in Tower Ballroom 4. 
All meals will take place in Tower Ballroom 5. Breaks will take place in the Renaissance Foyer. 


Customer Breakout Track 1 


Customer Breakout Track 2 


2:00 - The Vulnerability Lifecycle Beyond Vulnerability Scanning 
2:30 PM Brian Rossi - Sr. Security Manager - Continuous Enterprise 
& Vulnerability Management, Caterpillar Vulnerability Management and 
DaVinci Ballroom Self-service 
Vinny Hoxha - Director of 
Q Cybersecurity, General Motors 
Wilson Lee - Security Assurance 
© Manager, General Motors 
Raphael Ballroom 
2:40 - Fix it Once - How Ancestry Integrating Qualys Web 
3:10 PM Successfully Manages Application Scanning (WAS) with 
Vulnerability in the Cloud through Azure DevOps 
Amazon Machine Images D Andrei Hotaran - Director of Security 
Grant Johnson - Director of Risk and ü and Emerging Technologies, Celestica 
= Compliance, Ancestry Geronimo Welter Lapinig - IT System 
DaVinci Ballroom $ Specialist, Celestica 
Raphael Ballroom 
3:20 - A Risk-based Approach to Policy Compliance to Achieve 
3:50 PM Security Leveraging the Qualys VMP and Security Risk 
Cloud Platform Compliance Goals 
& Kumar Ravi - VP of Information John Njenga, Principal Security 
Security & Data Privacy, EXL Service & Engineer, IT Security Engineering - 
DaVinci Ballroom VMP, Fortune Global 50 Retailer 
Raphael Ballroom 
3:50 - 
Break 
4:00 PM 
4:00 - Interactive Session - Meet the Qualys Engineers and Product Managers 
; Qualys Engineers and Product Managers 
aor Tower Ballroom 5. Visit page 17 to see all topics and to reserve a spot. 
4:40 - Closing Remarks 
Philippe Courtot - Chairman and CEO, Qualys 
4:50 PM @ 


Tower Ballroom 5 
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Keynote sessions 


The Cyber War and You 
Richard A. Clarke - America’s first 
czar of cybersecurity and counter- 
terrorism, and author of The Fifth 
Domain. 


Wed 8:35 - 9:20 AM 
Room: Tower Ballroom 4 


Ten years ago, in the seminal book Cyber War, America’s 
first cyber czar predicted how hacker groups and 
nation-states would put America’s companies, power 
grid, and critical infrastructure at risk. Now, that has 
happened. Drawing from his new book, The Fifth 
Domain, Clarke outlines how to protect our country, our 
companies, and ourselves. 


Security at a Crossroads, Part II 
Philippe Courtot - Chairman and 
CEO, Qualys 


Wed 9:20 - 9:50 AM 
Room: Tower Ballroom 4 


At QSC18, Philippe discussed the profound impact of digital 
transformation on the enterprise — the rapid adoption 

of clouds, the consolidation of the stack, the evolution 

of the managed security service provider (MSSP), and 

the continued impact of IoT and OT — all of which have 
come to fruition. At QSC19, we'll take this a step further 
and explore what these changes mean for us as security 
practitioners, partners and vendors with an emphasis on 
how we'll adapt and evolve. 


The Evolution of the Qualys 
Platform: Unveiling the 

Latest Updates and Next-Gen 
Initiatives 

Sumedh Thakar - President and Chief 
Product Officer, Qualys 


D 


Wed 10:15 AM - 12:00 PM 
Room: Tower Ballroom 4 


Effective cybersecurity needs real-time context. Today's 
approach of deploying multiple, siloed cybersecurity 
products and stitching them together with SIEM solutions 
to get context is not working. The keynote will cover current 
industry trends, challenges, and opportunities for better 
security in the new hybrid world. Sumedh will share Qualys' 
approach to building a unique, unified platform for IT, 
security and compliance, covering architecture and recent 
updates as well as next-gen initiatives with lively demos. 


Building Security into Azure 
Ramesh Chinta - Principal Group 
Program Manager, Microsoft 


© 


Wed 3:00 - 3:40 PM 
Room: Tower Ballroom 4 
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Security and Compliance are critical decision- 

making criteria for customer's digital transformation, 
modernization and migration to the cloud. Ramesh Chinta 
will discuss how Azure security services are built in 
conjunction with a rich ecosystem of partners. The primary 
focus will be on how Azure delivers end-to-end, built-in 
security to customers. The session will cover key Azure 
security services and their comprehensive coverage in 

the areas of protection, detection, and response to protect 
customer workloads on Azure. 


The Road Ahead for Security, IT 
and DevOps 

Scott Crawford, Research Vice 
President, 451 Research 


& 


Thu 8:35 - 9:25 AM 
Room: Tower Ballroom 4 


IT is undergoing a transformation as never before. The 
cloud is refactoring the way computing technologies are 
defined and operated. DevOps trends and open source are 
redefining how those technologies are built and deployed. 
Operational technologies are reshaping the edge of 
enterprise networks, while a plethora of newer, “smarter” 
systems are shaping digital experience. Analytics and 

the ability of computers to learn are driving much of this 
innovation, powering further innovation to come. How is 
security evolving with all these revolutionary changes? In 
this session, we’ll examine the “innovator’s dilemma” facing 
security providers and professionals alike, and how these 
forces are shaping what security will become. 


Hacker Stories: Turning Use 
Cases Into Abuse Cases 
Charles Henderson, Global Head of 
IBM X-Force Red 


Thu 10:25 - 11:05 AM 
Room: Tower Ballroom 4 


Most people abide by use cases. They buy Internet- 
connected thermostats to more efficiently heat and cool 
their homes. They buy hammers to hit nails. 


Asmaller group of people, however, abide by abuse cases. 
Those people are hackers. They buy Internet-connected 
thermostats to see if they can gain control of them remotely. 
They buy hammers to crack open hardware. 


Join the talk to learn more about the value of abuse cases. 
Hear real hacker stories about abuse cases gone right 

and wrong, and walk away with a better understanding of 
the mindset of a hacker. 
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Keynote speakers 


Richard A. Clarke 


America’s first czar of cybersecurity and counter-terrorism, and author of 
The Fifth Domain 


Wed 8:35 - 9:20 AM | The Cyber War and You 
Room: Tower Ballroom 4 


Richard A. Clarke is a former key advisor on intelligence and counter- 
terrorism who worked during the administrations of Presidents 

Ronald Reagan, George H. W. Bush, and Bill Clinton. Starting in 1998, 

he also served as the National Coordinator for Security, Infrastructure 
Protection, and Counter-terrorism for the U.S. National Security Council. 


Philippe Courtot 


Chairman and CEO, Qualys 


Wed 9:20 - 9:50 AM | Security at a Crossroads, Part II 
Room: Tower Ballroom 4 


As CEO of Qualys, Philippe has worked with thousands of companies 

to improve their IT security and compliance postures. Philippe received 
the SC Magazine Editor's Award in 2004 for bringing on demand 
technology to the network security industry. He was also named the 
2011 CEO of the Year by SC Magazine Awards Europe. He was previously 
Chairman and CEO of Signio until its acquisition by VeriSign. He is also 
a member of the Board of Directors of StopBadware, a non-profit, anti- 
malware organization. 


Sumedh Thakar 


President and Chief Product Officer, Qualys 

Wed 10:15 AM - 12:00 PM | The Evolution of the Qualys Platform: Unveiling 
the Latest Updates and Next-Gen Initiatives 

Room: Tower Ballroom 4 


As President and Chief Product Officer at Qualys, Sumedh oversees 
worldwide field operations as well as all things product including 
engineering, development, product management, cloud operations, 
DevOps, and customer support. He is responsible for the design, 
development, delivery and support of all product lines. He has also built 
up multiple Qualys sites resulting in a global 24x7 follow-the-sun product 
team. Sumedh has been with Qualys since 2003 and was previously vice 
president of engineering. 
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Ramesh Chinta 


Group Program Manager, Microsoft 


Wed 3:00 - 3:40 PM | Building Security into Azure 
Room: Tower Ballroom 4 


Ramesh Chinta is a group program manager and seasoned leader 

at Microsoft. During his tenure, he has built protocols and the 

storage stack for the Exchange Server and security authentication, 
authorization, and management services for Windows. He has 
experience managing Bing infrastructure services to operate systems 
and security at scale. In his current role, he manages Azure Security 
and Compliance in the security health and analytics areas. Ramesh is 
responsible for the security services in the Azure Security Center. He 
is an expert in cloud security, delivering cloud services at hyperscale, 
distributed systems, security health, and analytics domains and holds 
multiple patents in these areas. 


Scott Crawford 


Research Director, 451 Research 


Thu 8:35 - 9:25 AM | The Road Ahead for Security, IT and DevOps 
Room: Tower Ballroom 4 


Scott Crawford is Research Vice President for the Information Security 
Channel at 451 Research, where he leads coverage of emerging trends, 
innovation and disruption in the information security market. 


Charles Henderson 


Global Head of IBM X-Force Red 


Thu 10:25 - 11:05 AM | Hacker Stories: Turning Use Cases Into Abuse Cases 


Room: Tower Ballroom 4 


Charles Henderson is the Managing Partner and Global Head of X-Force 
Red. Throughout his career, Charles and the teams he has managed 
have specialized in network, application, physical, and hardware/ 
device penetration testing as well as vulnerability research. X-Force 
Red’s clients range from the largest on the Fortune lists to small and 
midsized companies interested in improving their security posture. 
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Qualys sessions 


Security at a Crossroads, Part II 
Philippe Courtot, Chairman and CEO 


Wed 9:20 - 9:50 AM 
Room: Tower Ballroom 4 


At QSC18, Philippe discussed the profound impact of digital 
transformation on the enterprise — the rapid adoption 

of clouds, the consolidation of the stack, the evolution 

of the managed security service provider (MSSP), and 

the continued impact of IoT and OT — all of which have 
come to fruition. At QSC19, we'll take this a step further 
and explore what these changes mean for us as security 
practitioners, partners and vendors with an emphasis on 
how we'll adapt and evolve. 


The Evolution of the Qualys 
Platform: Unveiling the 

Latest Updates and Next-Gen 
Initiatives 

Sumedh Thakar, President and Chief 
Product Officer 
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Wed 10:15 AM - 12:00 PM 
Room: Tower Ballroom 4 


Effective cybersecurity needs real-time context. Today's 
approach of deploying multiple, siloed cybersecurity 
products and stitching them together with SIEM solutions 
to get the context is not working. The keynote will cover 
current industry trends, challenges, and opportunities for 
better security in the new hybrid world. Sumedh will share 
Qualys' approach to building a unique, unified platform 
for IT, security and compliance, covering architecture and 
recent updates as well as next-gen initiatives with lively 
demos. 


Real-Time Vulnerability 
Detection, Prioritization and 
Response 

Chris Rodgers, Director of Product 
Management, Qualys 


Wed 1:45 - 2:15 PM 
Room: Tower Ballroom 4 


In this age of instant gratification, businesses are finally able 
to catch up with their desire to have everything identified, 
prioritized, and remediated in real time. Practitioners 

can utilize the vulnerability detection and remediation 
cycle to establish efficient closed-loop processes for their 
organizations. Find out how to get started when you 

are staring down a mountain of vulnerability data, and 
learn how to sift out remediation processes with ease by 
spending time on the right vulnerabilities. See how sharing 
simple and actionable insights with your colleagues and 
executive team provides the assurance they need to know 
their vulnerability detection and remediation is accurate 
and in good hands. 


Securing the Digital 
Transformation with DevOps: 
Cloud and Container Security 
Automation 

Badri Raghunathan, Director of 
Product Management, Qualys 


Wed 2:15 - 2:45 PM 
Room: Tower Ballroom 4 
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Enterprises are committed to adopting and operationalizing 
cloud infrastructure and cloud-native compute technologies 
like containers and serverless platforms as part of their 
digital transformation efforts. Yet, digital transformation 
also brings with it an increased attack surface. What’s 

more, the sheer speed and scale of the underlying DevOps 
pipeline requires a proactive, continuous and automated 
approach to security. To address these challenges, Qualys is 
introducing new capabilities to increase inventory visibility 
and enable complete security assessments of cloud 
infrastructure and application workloads across the DevOps 
pipeline. 


Panel: Security in the Age of 

Digital Transformation - The 

View from Our Customers 

Moderator: 

- Sumedh Thakar - President and 
Chief Product Officer, Qualys 


Panelist: 

- Wendy M. Pfeiffer - ClO, Nutanix 

- Chad Schieken - Executive 
Director Cyber Exposure 
Management, Comcast 

- Senthil Selvaraj - SVP 
Independent Technology Risk, 
PNC Bank 

- Thomas Graham - CISO, 
CynergisTek 

- Hemanta Swain - VP & Chief 
Information Security Officer, 
TiVo Corporation 


Wed 3:45 - 4:30 PM 
Room: Tower Ballroom 4 


This panel of leading industry experts will focus on 
discussing the opportunities we have in today's world 

of digital transformation to improve our IT and security 
delivery. We'll discuss how the rapid adoption of clouds, the 
consolidation of the security stack, and the proliferation 
of OT and IoT has impacted our panelists' companies and 
teams. Next, we'll debate DevOps, and see what DevOps 
approaches panelists are using to advance their security 
posture along with other topics. Moderated by Sumedh 
Thakar, Qualys President and Chief Product Officer, 
panelists include senior representatives from Comcast, 
CynergisTek, Nutanix, PNC Bank, and TiVo Corporation. 
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Qualys sessions cont. 


The DevOps Transformation of 
the Qualys Platform: Lessons 
Learned 

Dilip Bachwani - SVP, Engineering 
and Cloud Operations, Qualys 


$ 


Thu 9:25 - 9:50 AM 
Room: Tower Ballroom 4 


Qualys' goal, as we set out on our digital transformation 
journey, was to develop and execute a comprehensive 
DevOps strategy to deliver products and functionality 
efficiently and reliably and ultimately to bring better value 
to our customers. In this session, we will share lessons 
learned as we’ve built out our DevOps toolchain and 
processes, including how we have integrated security best 
practices within the DevOps lifecycle. 


Threat Hunting with Qualys: 
Going Beyond Your EDR 
Solutions 

Chris Carlson, VP of Strategy, Qualys 


& 


Thu 10:05 - 10:25 AM 
Room: Tower Ballroom 4 


Endpoint Detection and Response tools are a crucial 
component of Threat Hunting and Incident Response for 
organizations of all sizes. However, the user suffers as the 
tools are siloed and only provide a single view of their own 
data. Threat Hunting with Qualys combines a platform 
view of the organization’s networks, servers, endpoints, 
and cloud workloads to bring context to security analysts, 
greatly speeding up the time to detect, investigate, and 
respond. Yov'’ll learn how to use existing Qualys Cloud 
Apps and new innovations of the Qualys Platform to 
streamline, accelerate, and deliver more operational 
capabilities for threat hunting, malware investigation, alert 
triaging, and incident response. 


Continuous Compliance for 
Hybrid Environments 

Shailesh Athalye, VP of Compliance 
Solutions, Qualys 


B 


Thu 11:20 - 11:45 AM 
Room: Tower Ballroom 4 


As organizations adopt emerging technologies, which often 
have few to no known CVE-based vulnerabilities in the 
wild, a variety of regulations still require them to monitor 
and secure critical files from unauthorized changes. We 
will look at how Qualys Policy Compliance (PC) and File 
Integrity Monitoring (FIM) not only help you continuously 
assess and monitor drifts against your gold baseline, but 
also automates alerts and misconfiguration remediation to 
protect assets in hybrid environments. Next, we'll unveil a 
new customizable policy compliance dashboard that pivots 
on controls, assets and compliance trending for better 
insights. 


Moving Security up the Stack 
- Web Application and API 
Security 
Dave Ferguson, Director of Product 
Management, Qualys 


& 


Thu 11:45 AM - 12:05 PM 
Room: Tower Ballroom 4 
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Qualys sessions cont. 


Latent vulnerabilities may linger in your custom-coded 
web applications and APIs, presenting an enticing target 
for cyber-attackers. You can protect against these with new 
capabilities in Qualys Web Application Scanning (WAS) 

to detect out-of-band vulnerabilities such as Server Side 
Request Forgery and SMTP injection. The upcoming API 
Security app leverages the Swagger/OpenAPI specification 
to give your development teams better insights into the 
security of the APIs they build. 


Building an Enterprise ITAM for 


IT and Security 

Chris Rodgers, Qualys, former 
Information Security Engineer at 
Western Union 
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Thu 12:05 - 12:30 PM 
Room: Tower Ballroom 4 


This session will focus on identifying the right recipe 

for success when building and utilizing an IT Asset 
Management solution. I'll draw on examples from my 
experience as an info sec engineer to show how to leverage 
visibility as the foundation of your security architecture, 
along with the role it plays in threat hunting and 
compliance. 


Interactive Session - Meet the 
Qualys Engineers and Product 
Managers 

Qualys Engineers and Product 
Managers 


Thu 4:10 - 4:40 PM 
Room: Tower Ballroom 5 


Meet the Qualys engineers and product managers at QSC. 
It's a unique opportunity for you to ask the questions that 
matter the most to you with fellow customers and the 
Qualys technical team. The discussions will be led by the 
engineers and product managers that are building the 
solutions. 


e Global IT Asset Management 

e Vulnerability Management, Detection and Response (VMDR) 
e Compliance Monitoring 

e Web App and API Security 

e Cloud and Container Security 

e Developer API and Integrations 

e Cloud Agent Platform 


Sign up at qualys.com/meetup to let us know which discussion 
topics you’d like to attend. Please sign up by the end of day 
Wednesday to reserve your spot. 
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Best practices 


CATERPILLAR @ 


The Vulnerability Lifecycle 
Brian Rossi, Sr. Security Manager Vulnerability Management, 
Caterpillar 


Thu 2:00 - 2:30 PM 
Room: DaVinci Ballroom 


Follow along as we journey through an organization's 
attempt to bridge the gap between IT Operations and 
Security Operations. Learn how Caterpillar implemented 
Qualys and ServiceNow to drive vulnerability remediation 
and increase operational efficiency for managing discovered 
vulnerabilities. 


Beyond Vulnerability Scanning - Continuous Enterprise 
Vulnerability Management and Self-service 

Vinny Hoxha, Director of Cybersecurity, 

General Motors 

Wilson Lee, Security Assurance Manager, 

General Motors 


Thu 2:00 - 2:30 PM 
Room: Raphael Ballroom 


This session will outline an approach to managing 
vulnerabilities at an enterprise scale, allowing for 
continuous vulnerability assessments, a 360 degree view 
of vulnerabilities associated with any enterprise system, 
remediation prioritization, remediation ownership, self- 
serve vulnerability detection and remediation capabilities, 
and continuous improvement tracking and reporting. 
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Fix it Once - How Ancestry Successfully Manages 
Vulnerability in the Cloud through Amazon Machine 
Images 


Grant Johnson, Director of Risk and Compliance, Ancestry 


Thu 2:40 - 3:10 PM 
Room: DaVinci Ballroom 


Traditional vulnerability management approaches don’t 
meet the needs of a rapidly changing cloud environment 
and constantly churning infrastructure. Learn how Ancestry 
discovered that patch management no longer worked, and 
found success by integrating vulnerability mitigation into 
the company’s development and operational processes. 

See also how they have significantly reduced vulnerability 
risk through the use of Amazon Machine Images (AMIs), 
evolved Infosec processes, and have successfully reduced 
the friction between Security Operations and development 
teams. Through technology and process evolution that align 
with business goals, Ancestry has created a sustainable and 
efficient approach to mitigate vulnerability risk. 


Celestica @ 


Integrating Qualys Web Application Scanning (WAS) with 
Azure DevOps 

Andrei Hotaran, Director of Security and Emerging 

Technologies, Celestica 

Geronimo Welter Lapinig, IT System Specialist, Celestica 


Thu 2:40 - 3:10 PM 
Room: Raphael Ballroom 


Companies are increasingly accountable for meeting 
standard application security policies. However, many 
organizations are still dealing with manual and arduous 
vulnerability scanning processes. Hear the team at Celestica 
share their journey towards implementing and automating 
secure practices using Qualys WAS in their development 
pipeline and accelerating the application vulnerability 
management process. 
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Xext ry 


A Risk-based Approach to Security Leveraging the Qualys 
Cloud Platform 

Kumar Ravi, VP of Information Security & Data Privacy, 

EXL Service 


Thu 3:20 - 3:50 PM 
Room: DaVinci Ballroom 


In this session, we'll see how EXL uses the Qualys Cloud 
Platform and apps - Vulnerability Management, Threat 
Protection and Policy Compliance - to build a risk-based 
approach to security. We'll also take a look at the maturity 
journey surrounding various dimensions of vulnerability 
management, vis-a-vis coverage, depth, frequency, lifecycle, 
and response priority. 


Fortune 


Global 50 B& 
Retailer 


Policy Compliance to Achieve VMP and Security Risk 
Compliance Goals 

John Njenga, Principal Security Engineer, IT Security Engineering - 
VMP, Fortune Global 50 Retailer 


Thu 3:20 - 3:50 PM 
Room: Raphael Ballroom 


It is a well-known fact among most IT security practitioners 
that the reduction of security risk can only be achieved 
and maintained by practicing good asset management and 
configuration hygiene, employing layered defenses, and 
maintaining a rigorous vulnerability risk management 
program. In this session, you will learn a proven approach 
to achieving specific VMP and security risk and compliance 
goals as well as IT Security Policy and Regulatory 
Compliance requirements (SOX and PCI) by using the 
Qualys Policy Compliance product toolsets for asset 
configuration benchmarking. 
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Dinner & Qualys Casino Night 


QUALYS 


CASINO 


S-N o~ o~ 
B i (T) 
hd ww wr 


Kick off the evening with cocktails, sit down 
for a tasty dinner, and try your luck at the 
tables for a chance to win great prizes, 
including Qualys’ limited edition jacket! 

We hope you'll join us for socializing and 
interaction among fellow customers, Qualys 
partners and employees. 


Cocktail Hour: 
Wed, 7:00 - 8:00 PM in Renaissance Foyer. 


Dinner: 
Wed, 8:00 - 9:00 PM in Tower Ballroom 5. 


Qualys Casino Night games: 
Black jack, poker, craps and roulette. 


Hours: 
Wed, 9:00 - 10:30 PM in Tower Ballroom 4. 
Winners announced at 11:00 PM 


Rules: 

e Each player receives a Qualys chip with a 
value of $1,000. 

e Player redeems Qualys chip at any casino 
table. 

ayer plays until money runs out or time 
runs out. 

e At 10:30 PM, Pit Boss makes an 

announcement about the end of the game. 

e Pit Boss polls the crowd to determine who 

has the most amount of chips. 

Top 8 players win. 

e Pit Boss announces winner. 
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Qualys Security Conference 2019 


Video testimonial 


Help us spread the word! 


As you know, we recently made our Global 
IT Asset Inventory app free of charge so 
everyone around the world can benefit. 
But we need your help spreading the 
message to other security professionals. 
Not just about the free app, but also about 
your experiences using the Qualys Cloud 
Platform and the problems it helps you 
solve. 


We'd love to share your thoughts on our 
social media pages and website. If you 

are interested, sign up to tape a video 
testimonial; we just need 15 minutes of 
your time. There’s nothing to fret, if you’re 
not happy with the testimonial or have any 
concerns, we won't use it. 


Sign up at the registration desk or contact 
me directly. To show our thanks, you'll 
receive a special, limited edition Qualys 
jacket! 


Christine Ellis 
cellis@qualys.com 
(831) 359 0609 (text or call) 


Get this limited edition Qualys jacket! 


Q&A Bar 


ir latest apps. 
& tricks. 


Got questions? 
Demo our latest apps. 
Get tips & tricks. 


Get answers to your questions from Qualys 
experts. From learning about new apps to 
core features, best practices and approaches 
to troubleshooting, our Qualys experts have 
you covered. 


Find us in the Renaissance Foyer across from 
the General Session doors. 


Conference Guide 


Q&A Bar Times 


Wed 7:40am - 11:40am 
3:20pm - 8:30pm 


Thu” 8:40am - 11:00am 
2:00pm - 4:00pm 


Wednesday hours: 
7:30 AM - 5:30 PM 
7:00 PM - 10:30 PM 


Thursday hours: 
7:30 AM - 4:00 PM 


